logo

Database

Improper resource allocation - Buffer overflow In openssl

Description

Duplicate Advisory: openssl X509VerifyParamRef::set_host buffer over-read

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-xcf7-rvmh-g6q4. This link is maintained to preserve external references.

Original Description

The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. NVD-2023-531592. GCVE-GHSA-gw89-822v-8v8g

References

1. https://github.com/sfackler/rust-openssl/issues/19652. https://crates.io/crates/openssl3. https://rustsec.org/advisories/RUSTSEC-2023-0044.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.